Posted
by
timothy
on Thursday January 31, 2013 @11:07AM
from the just-a-coincidence dept.

An anonymous reader writes " Rob is a Time Warner Cable customer, and he's received two really interesting things from them lately. First, a 50% speed boost: they claim to have upgraded the speed of his home Internet connection. That's neat. Oh, and they've also cut his bill, from $45 to $30. Wow! What has prompted this amazing treatment? Years of loyalty and on-time payments? No, not exactly. Rob lives in Kansas City, pilot site for Google Fiber. Even though they have shut off people in other states for using too much bandwidth. Is Google making them show that it's not that hard to provide good service and bandwidth?"

Posted
by
timothy
on Thursday January 31, 2013 @10:26AM
from the it's-ok-they're-calling-the-premier dept.

Orome1 writes "A new discovered malware is potentially one of the most costly viruses yet discovered. Uncovered by NQ Mobile, the 'Bill Shocker' (a.expense.Extension.a) virus has already impacted 620,000 users in China and poses a threat to unprotected Android devices worldwide. Bill Shocker downloads in the background, without arousing the mobile device owner's suspicion. The infection can then take remote control of the device, including the contact list, Internet connections and dialing and texting functions. Once the malware has turned the phone into a "zombie," the infection uses the device to send text message to the profit of advertisers. In many cases, the threat will overrun the user's bundling quota, which subjects the user to additional charges."

Posted
by
samzenpus
on Thursday January 31, 2013 @09:03AM
from the protect-ya-neck dept.

Rick Zeman writes "According to a headline article in the New York Times, they admit to being hacked by the Chinese, and covers the efforts of Mandiant to investigate, and then to eradicate their custom Advanced Persistent Threats (APT). This was alleged to be in reaction to an article which details the sleazy business dealings of the family of Wen Jiabao, China's newest Prime Minister. China's Ministry of National Defense said in denial, 'Chinese laws prohibit any action including hacking that damages Internet security.'"Update: 01/31 15:00 GMT by T: The Times used Symanetic's suite of malware protection software; Symantec has issued a statement that could be taken as slightly snippy about its role in (not) preventing the spyware from taking hold.

Posted
by
Soulskill
on Wednesday January 30, 2013 @06:33PM
from the also-juliennes-fries dept.

An anonymous reader writes "In a February 2013 ACM Queue / Communications of the ACM article, A decade of OS access-control extensibility, Robert Watson at the University of Cambridge credits 2000s-era DARPA security research, distributed via FreeBSD, for the success of sandboxing in desktop, mobile, and embedded systems such as Mac OS X, iOS, and Juniper's Junos router OS. His blog post about the article argues that OS security extensibility is just as important as more traditional file system (VFS) and device driver extensibility features in kernels — especially in embedded environments where UNIX multi-user security makes little sense, and where tradeoffs between performance, power use, functionality, and security are very different. This seems to fly in the face of NSA's recent argument argument that one-size-fits-all SELinux-style Type Enforcement is the solution for Android security problems. He also suggests that military and academic security researchers overlooked the importance of app-store style security models, in which signed application identity is just as important as 'end users' in access control."

Posted
by
Soulskill
on Wednesday January 30, 2013 @05:51PM
from the reading,-'riting,-and-'rogramming dept.

Qedward writes "As the UK prepares to shake up the way computer science is taught in schools, Redmond is warning that the UK risks falling behind other countries in the race to develop and nurture computing talent, if 'we don't ensure that all children learn about computer science in primary schools.' With 100,000 unfilled IT jobs but only 30,500 computer science graduates in the UK last year, MS believes: 'By formally introducing children to computer science basics at primary school, we stand a far greater chance of increasing the numbers taking the subject through to degree level and ultimately the world of work.'"

Posted
by
Unknown Lamer
on Wednesday January 30, 2013 @11:10AM
from the like-openfirmware-only-it-sucks dept.

wehe writes "Heise News reports today some Samsung notebooks can be turned into a brick if booted just one time via UEFI into Linux. Even the firmware does not boot anymore. Some reports in the Ubuntu bug tracker system report that such notebooks can not be recovered without replacing the main board. Other Linux distributions may be affected as well. Kernel developers are discussing a change in the Samsung-laptop driver."
It appears even Samsung is having trouble tracking down the problem (from the article): "According to Canonical's Steve Langasek, Samsung developers have been attempting to develop a firmware update to prevent the problem for several weeks. Langasek is advising users to start Ubuntu installation on Samsung notebooks from an up-to-date daily image, in which the Ubuntu development team has taken precautions to prevent the problem from arising. It is, however, not completely clear that these measures are sufficient."

Posted
by
Soulskill
on Wednesday January 30, 2013 @03:17AM
from the much-lower-than-expected dept.

Gunkerty Jeb writes "In a project that found more than 80 million unique IP addresses responding to Universal Plug and Play (UPnP) discovery requests, researchers at Rapid7 were shocked to find that somewhere between 40 and 50 million of those are vulnerable to at least one of three known attacks. A Rapid7 white paper enumerated UPnP-exposed systems connected to the Internet and identified the number of vulnerabilities present in common configurations. Researchers found that more than 6,900 product models produced by 1,500 different vendors contained at least one known vulnerability, with 23 million systems housing the same remote code execution flaw. 'This research was primarily focused on vulnerabilities in the SSDP processor across embedded devices,' Rapid7's CSO HD Moore said. 'The general process was to identify what was out there, make a list of the most commonly used software stacks, and then audit those stacks for vulnerabilities. The results were much worse than we anticipated, with the most commonly used software stack (libupnp) also being the most vulnerable.'"

Posted
by
Soulskill
on Tuesday January 29, 2013 @03:01PM
from the rome-wasn't-built-in-5-years-either dept.

alphadogg writes "Five years after the disclosure of a serious vulnerability in the Domain Name System dubbed the Kaminsky bug, only a handful of U.S. ISPs, financial institutions or e-commerce companies have deployed DNS Security Extensions (DNSSEC) to alleviate this threat. In 2008, security researcher Dan Kaminsky described a major DNS flaw that made it possible for hackers to launch cache poisoning attacks, where traffic is redirected from a legitimate website to a fake one without the website operator or end user knowing. While DNS software patches are available to help plug the Kaminsky hole, experts agree that the best long-term fix is DNSSEC, which uses digital signatures and public-key encryption to allow websites to verify their domain names and corresponding IP addresses and prevent man-in-the-middle attacks. Despite the promise of DNSSEC, the number of U.S. corporations that have deployed this added layer of security to their DNS server is minuscule."

Posted
by
timothy
on Tuesday January 29, 2013 @11:54AM
from the get-out-of-the-phone-booth dept.

An anonymous reader writes "Electronic devices are built to last, which make them very reliable. However, if during a hostile situation such a device has to be left behind or gets dropped, it will continue to function and could end up giving the enemy an advantage. With that in mind, DARPA has set about creating electronics that work for as long as necessary, but can be destroyed at a moment's notice. The project is called Vanishing Programmable Resources (VAPR). Its main aim is to develop so-called transient electronics that are capable of dissolving completely, or at the very least to the point where they no longer function. Destroying a VAPR device should be as easy as sending a signal to it or placing the device within certain conditions e.g. extreme heat or cold, that triggers the rapid destruction process."

Posted
by
timothy
on Tuesday January 29, 2013 @11:16AM
from the paradox-of-choice dept.

noh8rz10 writes "Holy moly! iPad gets a heavyweight sibling, clicking in at 128GB. This places it in range of storage for Surface Pro and ultrabooks. It's clearly targeted at the professional market, as the press release cites X-rays and CAD files as reasons. Should Microsoft be afraid? Methinks so. Best part, pricing is growing by log 2. Just as the 32GB version is $100 more than the 16, and the 64 is $100 more than the 32, this new version is $100 more than the 64!"Update: 01/29 16:00 GMT by T: Here's Apple's announcement itself.

Posted
by
Unknown Lamer
on Tuesday January 29, 2013 @06:04AM
from the duct-tape-joke dept.

snydeq writes "Deep End's Paul Venezia waxes philosophical about Perl stagnancy in IT. 'A massive number of tools and projects still make the most out of the language. But it's hard to see Perl regaining its former glory without a dramatic turnaround in the near term. As more time goes by, Perl will likely continue to decline in popularity and cement its growing status as a somewhat arcane and archaic language, especially as compared to newer, more lithe options. Perhaps that's OK. Perl has been an instrumental part of the innovation and technological advancements of the last two decades, and it's served as a catalyst for a significant number of other languages that have contributed heavily to the programming world in general.'"

Posted
by
Unknown Lamer
on Monday January 28, 2013 @11:01PM
from the your-curtains-are-ugly dept.

Sparrowvsrevolution writes with news of some particularly insecure security cameras. From the article: "Eighteen brands of security camera digital video recorders are vulnerable to an attack that would allow a hacker to remotely gain control of the devices to watch, copy, delete or alter video streams at will, as well as to use the machines as jumping-off points to access other computers behind a company's firewall, according to tests by two security researchers. And 58,000 of the hackable video boxes, all of which use firmware provided by the Guangdong, China-based firm Ray Sharp, are accessible via the Internet. Early last week a hacker who uses the handle someLuser found that commands sent to a Swann DVR via port 9000 were accepted without any authentication. That trick would allow anyone to retrieve the login credentials for the DVR's web-based control panel. To compound the problem, the DVRs automatically make themselves visible to external connections using a protocol known as Universal Plug And Play, (UPnP) which maps the devices' location to any local router that has UPnP enabled — a common default setting. ...Neither Ray Sharp nor any of the eighteen firms have yet released a firmware fix."